METHOD FOR AUTHENTICATING AND SECURING

CROSS-REFERENCE TO RELATED CASES

This application claims the benefit of U.S. Provisional Application No. 
60/215,339, entitled "Method and System for Authenticating and Securing Integrated 
Bookstore Entries," filed on June 30, 2000, which is hereby incorporated by reference. 

COPYRIGHT INFORMATION

A portion of the disclosure of this patent document contains material 
which is subject to copyright protection. The copyright owner has no objection to the 
facsimile reproduction by anyone of the patent document or patent disclosure, as it 
appears in the Patent and Trademark Office patent file or records, but otherwise 
reserves all copyright rights whatsoever.

FIELD OF THE INVENTION 

The present invention relates generally to the field of computing. More 
particularly, the invention relates to a system and method for providing an integrated 
shopping service within an application program. One specific application of such an
integrated shopping service is a service that allows users of a content-rendering 
application to shop for digital content at a dynamically-updatable set of retail web sites. 
The invention further provides for control over the dynamically-updatable set of retail 
web sites through cryptographic signing and authentication. 






BACKGROUND OF THE INVENTION 

Certain software requires third parties to provide digital content in order 
to make the software valuable to users. A prime example is an application for rendering 
books, audio, video, etc. Such an application is useful only when digital content - e.g.,
text, audio, video, etc. - is available for use with the application or device, and such
digital content is generally provided by third parties. 

Typically, a user obtains the content by using a stand-alone web browser 
(e.g., INTERNET EXPLORER or NETSCAPE NAVIGATOR) to find and obtain
content from Internet web sites that provide it. Sites that distribute content may be
located with the aid of a search engine. This method, however, does not offer the user 
the convenience of shopping for content from within the rendering application. 

As an alternative to the stand-alone browser, a browser may be 
integrated into the content-rendering application, and the application may be hard-coded
to point the browser to one or more web sites that provide content. This approach,
however, has drawbacks; if the universal record locators (URLs) of particular web sites 
are hard-coded into the browser, it is difficult to add or delete web sites to or from the 
list, or to customize the list for different instances of the application. 

One solution is to support modification of the list; however, the
manufacturer of the content-rendering application or device may have legitimate
interests in limiting the set of content providers who are included on the list. For 
example, the manufacturer may wish to ensure that the content providers adhere to 
technical standards, or may wish to foster business relationships with certain content 
providers by granting them exclusive or semi-exclusive membership on the list. If the
list can be modified without restriction, then the manufacturer of the application loses
the ability to serve these interests by controlling who is on the list. 

In view of the foregoing, there is a need for a system that overcomes the 
drawbacks of the prior art. 

SUMMARY OF THE INVENTION

The present invention provides an infrastructure for a shopping service 
within a user application, such as a content-rendering application. An application in 
accordance with the invention includes a link to a retail directory server (e.g., the
application may store the universal record locator or "URL" of such a server). Upon
being contacted by the application, the retail directory server renders on the user's 
machine a web page containing a list of retail web sites. The web page rendered by the 
retail directory server offers the user the chance to add some or all of the listed sites to
a private list of retailers that is stored on the client machine. The particular set of retail
sites listed in the directory server can be modified at any time by the party who controls 
the directory server. An application in accordance with the invention also includes a 
retail shopping user interface, which displays to the user all retailers in his or her 
private list and allows the user to connect to any of the retailers on that list. A retail
shopping service is thus "integrated" into the application.

In one embodiment of the invention, the application that incorporates an 
integrated shopping service is a content-rendering application, such as an eBooks 
reading application. In such an application, the integrated shopping service may take 
the form of an "integrated bookstore," which displays a list of on-line bookstores that
sell eBooks and allows the user to navigate to those bookstores directly through the list.
The retail directory server whose URL is included in the application may provide a 
"bookstore directory," which renders a list of on-line bookstores on the user's machine 
and offers the user the opportunity to add those bookstores to his or her private list. 
The actual list of bookstores displayed to the user as part of the application's
"integrated bookstore" is the private list of bookstores chosen by the user from the
bookstore directory page. 

In another embodiment, the retail directory server may be configured to 
provide arbitrary data to the user's machine, rather than merely a list of retail web 
sites. For example, the directory server may download to the user's machine a set of
off-line catalogues that the user can use to shop for content when not connected to the
Internet. For example, if the user's machine is a palm-size computer, the user may be 
able to shop off-line for content, where off-line orders are stored for transmission to an 
appropriate web site when the device is cradled. The user's machine may store
parameters (e.g., in the form of cookies) that allow customized content to be delivered
to the user from the retail directory server. For example, the user may subscribe to an 
on-line newsletter (e.g., through a previous contact with the retail directory), and this 
newsletter may then be updated on the user's machine each time the bookstore directory 
server is contacted. In contrast to systems that merely hardcode a list of retail web sites 
into an application, the use of a bookstore directory server, whose information can be 
updated or modified at any time, supports extensibility of the directory function. 
According to an aspect of the invention, where the directory comprises a list of web 
sites, each web site is represented in the directory by signed data. The signed data is 
copied to the user's private list when the user selects a site from the directory. The 
integrated shopping feature of the application authenticates the site in the user's private 
list before displaying the site as part of the user interface of the shopping service 300 or 
pointing a web browser to the site represented by that data. 

The invention also provides a tool for signing the information so that it 
can be authenticated by the application. By controlling the use of the signing tool, the 
manufacturer of the application can control which web sites are placed in the directory, 
and thus prevent the application from pointing the browser to "rogue" sites that have 
been added to the directory without approval from the application manufacturer (or 
another entity that controls the constituency of the directory). 
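
The following Go sketch is an added example, not code from this document or from any product it describes. It illustrates the two passages above: entries are signed by whoever controls the signing tool, copied as signed data into the private list, and authenticated before any link is displayed. The field names, the choice of Ed25519, the fixed demo seeds and the sample sites are assumptions; the text above does not name a signature scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Entry is one retail site listing. Field names are hypothetical.
type Entry struct {
	Name, URL, Description string
}

// SignedEntry is the unit served by the directory and copied, unchanged,
// into the user's private list.
type SignedEntry struct {
	Entry
	Sig []byte
}

// canonical length-prefixes every field so the signed bytes are unambiguous:
// moving characters between Name and URL always changes the message.
func canonical(e Entry) []byte {
	var buf bytes.Buffer
	for _, f := range []string{e.Name, e.URL, e.Description} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.WriteString(f)
	}
	return buf.Bytes()
}

// SignEntry is the "signing tool" side; only the holder of priv can run it.
func SignEntry(priv ed25519.PrivateKey, e Entry) SignedEntry {
	return SignedEntry{Entry: e, Sig: ed25519.Sign(priv, canonical(e))}
}

// VerifyEntry is the application side; it ships with pub only.
func VerifyEntry(pub ed25519.PublicKey, s SignedEntry) bool {
	return ed25519.Verify(pub, canonical(s.Entry), s.Sig)
}

// Displayable returns the entries of the private list that authenticate.
// Anything else is never shown and never handed to the browser.
func Displayable(pub ed25519.PublicKey, list []SignedEntry) []Entry {
	var out []Entry
	for _, s := range list {
		if VerifyEntry(pub, s) {
			out = append(out, s.Entry)
		}
	}
	return out
}

// demoKey derives a key pair from a fixed seed so the example is repeatable.
// A real signing key is generated randomly and kept off the client.
func demoKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// SampleList builds a constructed private list with one approved entry, one
// entry whose URL was edited after signing, and one signed with another key.
func SampleList() (ed25519.PublicKey, []SignedEntry) {
	pub, priv := demoKey(1)
	_, otherPriv := demoKey(2)

	good := SignEntry(priv, Entry{"Example Books", "https://books.example/store", "eBooks"})
	edited := SignEntry(priv, Entry{"Example Audio", "https://audio.example/", "Audio books"})
	edited.URL = "https://unapproved.example/"
	foreign := SignEntry(otherPriv, Entry{"Unlisted Shop", "https://unlisted.example/", "Not in directory"})

	return pub, []SignedEntry{good, edited, foreign}
}

func main() {
	pub, list := SampleList()
	for _, e := range Displayable(pub, list) {
		fmt.Printf("show link: %s -> %s\n", e.Name, e.URL)
	}
}
```

Because the signature covers the name, URL and description together, a stored entry cannot be repointed at a different site without failing verification.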

BRIEF DESCRIPTION OF THE DRAWINGS 

The foregoing summary, as well as the following detailed description of 
preferred embodiments, is better understood when read in conjunction with the 
appended drawings. For the purpose of illustrating the invention, there is shown in the 
drawings exemplary constructions of the invention; however, the invention is not 
limited to the specific methods and instrumentalities disclosed. In the drawings: 

FIG. 1 is a block diagram of an exemplary computing environment in 
which aspects of the invention may be implemented;

FIG. 2 is a diagram of a user interface for an exemplary software
application in accordance with aspects of the invention; 

FIG. 3 is a diagram of a user interface for an exemplary shopping 
service which, in accordance with aspects of the invention, is integrated into a software 
application;

FIG. 4 is a diagram of a retail directory, as displayed on typical web 
browsing software; 

FIG. 5 is a block diagram of a software application having an integrated 
shopping service according to aspects of the invention;

FIG. 6 is a block diagram of an exemplary data structure for a retail
directory;

FIG. 7 is a block diagram of an exemplary data structure for a personal
retail list;

FIG. 8 is a flow diagram of an exemplary process for using a retail 
directory to add retail web sites to a personal list, in accordance with aspects of the
invention; 

FIG. 9 is a block diagram of aspects of an exemplary system architecture 
according to the invention, indicating an exemplary flow of information through the 
architecture; 

FIG. 10 is a block diagram of an exemplary data structure for a signed
retail directory;

FIG. 11 is a block diagram of an exemplary data structure for a signed
personal retail list;

FIG. 12 is a flow diagram of an exemplary process for adding signed
data to a retail directory;

FIG. 13 is a flow diagram of an exemplary process for adding 
authenticated data to a personal retail directory; and 

FIG. 14 is a diagram of a user interface for a site signature tool for
signing and verifying data according to one aspect of the invention.

DETAILED DESCRIPTION OF THE INVENTION 

Overview 

The Internet has provided consumers with opportunities to shop for
numerous and varied products on line. Using a browser, a consumer can visit a 
seemingly limitless number of web sites and purchase nearly any type of good or 
service. Some types of goods and services, however, are particularly adapted to be
used with certain software applications. A case in point is digital content (e.g., books,
audio, video, etc.) that comes delivered in a particular format for use with a certain
type of rendering application (e.g., an electronic book reader, an audio player, a video 
player, etc.). It is particularly useful for a consumer to be able to purchase such content 
from within the rendering application itself. It is further useful to limit the universe of 
web sites that a consumer can access from within the rendering application to those web
sites that distribute digital content adapted for the application. The present invention
provides an architecture for a shopping service that allows a user to visit certain web 
sites (e.g., retail web sites) from within an application, and that allows a third party 
entity to control which web sites can be accessed from within the application. 

Exemplary Computing Environment

FIG. 1 illustrates an example of a suitable computing system 
environment 100 in which the invention may be implemented. The computing system 
environment 100 is only one example of a suitable computing environment and is not 
intended to suggest any limitation as to the scope of use or functionality of the
invention. Neither should the computing environment 100 be interpreted as having any
dependency or requirement relating to any one or combination of components illustrated 
in the exemplary operating environment 100.

The invention is operational with numerous other general purpose or
special purpose computing system environments or configurations. Examples of well 
known computing systems, environments, and/or configurations that may be suitable 
for use with the invention include, but are not limited to, personal computers, server 
computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based
systems, set top boxes, programmable consumer electronics, network PCs, 
minicomputers, mainframe computers, distributed computing environments that include 
any of the above systems or devices, and the like. 

The invention may be described in the general context of computer-executable
instructions, such as program modules, being executed by a computer.
Generally, program modules include routines, programs, objects, components, data 
structures, etc. that perform particular tasks or implement particular abstract data types. 
The invention may also be practiced in distributed computing environments where tasks 
are performed by remote processing devices that are linked through a communications 
network or other data transmission medium. In a distributed computing environment,
program modules and other data may be located in both local and remote computer 
storage media including memory storage devices. 

With reference to FIG. 1, an exemplary system for implementing the 
invention includes a general purpose computing device in the form of a computer 110. 
Components of computer 110 may include, but are not limited to, a processing unit
120, a system memory 130, and a system bus 121 that couples various system 
components including the system memory to the processing unit 120. The system bus 
121 may be any of several types of bus structures including a memory bus or memory 
controller, a peripheral bus, and a local bus using any of a variety of bus architectures. 
By way of example, and not limitation, such architectures include Industry Standard
Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) 
bus, Video Electronics Standards Association (VESA) local bus, and Peripheral 
Component Interconnect (PCI) bus (also known as Mezzanine bus).

Computer 110 typically includes a variety of computer readable media.
Computer readable media can be any available media that can be accessed by computer 
110 and includes both volatile and nonvolatile media, removable and non-removable 
media. By way of example, and not limitation, computer readable media may comprise 
computer storage media and communication media. Computer storage media includes
both volatile and nonvolatile, removable and non-removable media implemented in any 
method or technology for storage of information such as computer readable 
instructions, data structures, program modules or other data. Computer storage media 
includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory 
technology, CDROM, digital versatile disks (DVD) or other optical disk storage,
magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage 
devices, or any other medium which can be used to store the desired information and 
which can be accessed by computer 110. Communication media typically embodies
computer readable instructions, data structures, program modules or other data in a 
modulated data signal such as a carrier wave or other transport mechanism and includes
any information delivery media. The term "modulated data signal" means a signal that 
has one or more of its characteristics set or changed in such a manner as to encode 
information in the signal. By way of example, and not limitation, communication media 
includes wired media such as a wired network or direct-wired connection, and wireless 
media such as acoustic, RF, infrared and other wireless media. Combinations of any of
the above should also be included within the scope of computer readable media. 

The system memory 130 includes computer storage media in the form of 
volatile and/or nonvolatile memory such as read only memory (ROM) 131 and random 
access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the 
basic routines that help to transfer information between elements within computer 110,
such as during start-up, is typically stored in ROM 131. RAM 132 typically contains 
data and/or program modules that are immediately accessible to and/or presently being 
operated on by processing unit 120. By way of example, and not limitation, FIG. 1
illustrates operating system 134, application programs 135, other program modules
136, and program data 137. 

The computer 110 may also include other removable/non-removable, 
volatile/nonvolatile computer storage media. By way of example only, FIG. 1 illustrates
a hard disk drive 140 that reads from or writes to non-removable, nonvolatile magnetic
media, a magnetic disk drive 151 that reads from or writes to a removable, nonvolatile 
magnetic disk 152, and an optical disk drive 155 that reads from or writes to a 
removable, nonvolatile optical disk 156, such as a CD ROM or other optical media. 
Other removable/non-removable, volatile/nonvolatile computer storage media that can
be used in the exemplary operating environment include, but are not limited to,
magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, 
solid state RAM, solid state ROM, and the like. The hard disk drive 141 is typically 
connected to the system bus 121 through a non-removable memory interface such as
interface 140, and magnetic disk drive 151 and optical disk drive 155 are typically
connected to the system bus 121 by a removable memory interface, such as interface
150. 

The drives and their associated computer storage media discussed above 
and illustrated in FIG. 1, provide storage of computer readable instructions, data 
structures, program modules and other data for the computer 110. In FIG. 1, for
example, hard disk drive 141 is illustrated as storing operating system 144, application
programs 145, other program modules 146, and program data 147. Note that these 
components can either be the same as or different from operating system 134, 
application programs 135, other program modules 136, and program data 137. 
Operating system 144, application programs 145, other program modules 146, and
program data 147 are given different numbers here to illustrate that, at a minimum,
they are different copies. A user may enter commands and information into the 
computer 20 through input devices such as a keyboard 162 and pointing device 161, 
commonly referred to as a mouse, trackball or touch pad. Other input devices (not
shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the
like. These and other input devices are often connected to the processing unit 120 
through a user input interface 160 that is coupled to the system bus, but may be 
connected by other interface and bus structures, such as a parallel port, game port or a
universal serial bus (USB). A monitor 191 or other type of display device is also
connected to the system bus 121 via an interface, such as a video interface 190. In 
addition to the monitor, computers may also include other peripheral output devices 
such as speakers 197 and printer 196, which may be connected through an output 
peripheral interface 195. 

The computer 110 may operate in a networked environment using logical
connections to one or more remote computers, such as a remote computer 180. The 
remote computer 180 may be a personal computer, a server, a router, a network PC, a 
peer device or other common network node, and typically includes many or all of the 
elements described above relative to the computer 110, although only a memory storage
device 181 has been illustrated in FIG. 1. The logical connections depicted in FIG. 1
include a local area network (LAN) 171 and a wide area network (WAN) 173, but may 
also include other networks. Such networking environments are commonplace in 
offices, enterprise-wide computer networks, intranets and the Internet. 

When used in a LAN networking environment, the computer 110 is
connected to the LAN 171 through a network interface or adapter 170. When used in a
WAN networking environment, the computer 110 typically includes a modem 172 or 
other means for establishing communications over the WAN 173, such as the Internet. 
The modem 172, which may be internal or external, may be connected to the system 
bus 121 via the user input interface 160, or other appropriate mechanism. In a
networked environment, program modules depicted relative to the computer 110, or
portions thereof, may be stored in the remote memory storage device. By way of 
example, and not limitation, FIG. 1 illustrates remote application programs 185 as 
residing on memory device 181. It will be appreciated that the network connections
shown are exemplary and other means of establishing a communications link between
the computers may be used. 



Application with Integrated Shopping Feature 

Referring now to FIG. 2, there is shown a user interface of an
application 200. In FIG. 2, application 200 is depicted as a text-rendering application 
for reading electronic books ("eBooks") 202. It will be appreciated, however, that a 
text-rendering application is merely exemplary, and application 200 may be any type of 
application. For example, application 200 may be a rendering application that renders
other types of content (e.g., music, video, multimedia, etc.). As described below, it is
particularly useful to incorporate an integrated shopping feature into a content-rendering 
application, because the integrated shopping feature may be used to shop for digital 
content that is adapted to be rendered by the rendering application. However, 
application 200 need not be such a rendering application. In greater generality,
application 200 may be any application in which it is useful or desirable to incorporate
an integrated shopping feature as described below. All such embodiments of application 
200 are within the spirit and scope of the invention. 

As noted above, in the example of FIG. 2 application 200 renders 
eBooks 202. eBooks are known in the art and are described generally in "Open eBook
Publication Structure 1.0" (September 16, 1999), available at
http://www.openebook.org/oebpsdownload.htm, which is incorporated herein by 
reference. Typically (although not necessarily), eBooks are obtained separately from 
the application used to render them - i.e., the user uses a stand-alone browser to
navigate to a web site that distributes eBooks, chooses an eBook, and then downloads a
file containing the eBooks to the user's computing device, at which point the user may
use application 200 to "click" on one of eBooks 202 (e.g., by using pointing device 
161, shown in FIG. 1) in order to open and render the eBook. At least some of eBooks 
202 may have been obtained by a user's navigating to a web site and obtaining the book
(either directly or indirectly) from that web site. However, since text-rendering
application 200 is of limited value without a source of eBooks, it is particularly useful 
to incorporate into application 200 a shopping feature that permits a user to shop for 
eBooks from within application 200. The present invention provides such a feature. 

FIG. 3 shows a user interface for an exemplary shopping service 300 in
accordance with the invention. Preferably, shopping service 300 provides an interface 
whereby a user may visit web sites from within application 200. For example, the 
exemplary interface shown in FIG. 3 includes a list of links 302-310; clicking one of 
the links (e.g., by using pointing device 161, shown in FIG. 1) allows the user to visit
the web site indicated by the link. At least some of the links are links to web sites that
perform retail functions, such as the selling of digital content. FIG. 3 shows an example 
where shopping service 300 is adapted to an eBook-reading application, and thus links 
304, 306, 308, and 310 are links to sites that distribute eBooks. For example, a user of 
the application depicted in FIG. 2 might click on the "bookstore" icon 204 in order to
shop for eBooks, thereby invoking the shopping service depicted in FIG. 3. It will be
appreciated that, when shopping service 300 is associated with an application other than 
an eBooks-reading application, the links provided in the shopping service may be links 
to web sites that distribute different types of products. For example, if shopping service 
300 were associated with an audio- or video-rendering application, then shopping
service 300 would preferably display links to web sites that distribute digital audio or
video. 

In a preferred embodiment, shopping service 300 comprises a form of 
web browser. For example, the web browser may be a standard web browser with a 
simplified user interface (that may include fewer user functions than the standard user 
interface when the browser is opened as a stand-alone). When shopping service 300
comprises a form of web browser, the logic that implements shopping service 300 is 
capable of displaying and following links to any web site, regardless of whether the 
web site is a retail web site, and regardless of whether the web site sells products that
are related to the application 200 of which shopping service 300 is a part. The
particular choice of links displayed (i.e., the fact that at least some of the links are to
retail web sites) allows the web browser to function as a shopping service. It will be
noted, however, that in the example of FIG. 3, one of the links (i.e., link 302) is not a
link to a retail web site, but rather a link to a "bookstore directory," which is described
below. The web-browsing logic that shopping service 300 uses to visit web sites is 
preferably content-agnostic to the type of information contained at the web site; as long 
as a link is properly listed in shopping service 300, the web browser will follow the link 
regardless of what type of information is maintained at the site.

FIG. 4 shows a retail directory 400, as might be displayed on web
browsing software. In FIG. 4, retail directory 400 is shown as a "bookstore directory" -
i.e., a directory of electronic "bookstores" that sell eBooks - although it will be
understood that a directory of eBooks vendors is merely exemplary, and retail directory 
400 may comprise a list of any type of web sites without departing from the spirit and 
scope of the invention. "Web browsing software," in this context, includes general
purpose web browsers such as MICROSOFT INTERNET EXPLORER. Preferably, the 
"web browsing software" is the web browsing functionality associated with shopping 
service 300, as described above in connection with FIG. 3. As explained below, this 
web browsing functionality may include special purpose web browsing logic within the 
application 200 of which integrated shopping service 300 is a part. (As further
discussed below, the web browsing functionality that implements a shopping service 
within an application may, in fact, be provided by a general purpose web browsing 
program such as INTERNET EXPLORER.) In a preferred embodiment, a user 
accesses retail directory 400 by clicking a link such as link 302 (shown in FIG. 3) 
within a shopping service 300.

Retail directory 400 preferably comprises a web page that lists one or 
more retail web sites. The exemplary retail directory 400 in FIG. 4 lists retail web sites 
402, 404, 406, and 408. Each listing includes various components. For example, listing 



MSFT-0260/158416.2 - 14 - PATENT 

402 includes a logo 402a, a web site name 402b, and a web site description 402c. 
Associated with each listing is an "add" button 410. By clicking on the "add" button 
410 associated with a particular web site listing, the user adds the web site to his or her 
personal list of retail web sites. (The process of using the retail directory 400 to add
web sites to a personal list is described below in connection with FIG. 8.) Thus, retail
directory 400 contains a list of web sites that a user can choose to add to the list 
displayed by integrated shopping feature 300, and integrated shopping service 300 will 
display those web sites that the user has selected from retail directory 400. (It should 
be noted that, in some cases, the integrated shopping feature may be configured to
display certain web sites without the user's having selected those sites from retail
directory 400.) 

Structure of an Application Having an Integrated Shopping Service 

Referring now to FIG. 5, there is shown an exemplary structure of an
application 200 that employs an integrated shopping service 300. Application 200
(which runs on computer 110, shown in FIG. 1), includes integrated shopping logic 
502. Integrated shopping logic 502 comprises software which performs functions 
including: (a) providing the user interface (UI) and functionality that enables a user to 
visit retail web sites; and (b) maintaining a list of retail web sites that a user may visit
as part of integrated shopping service 300.

Integrated shopping logic 502 may employ or provide web browser 504, 
in order to provide the UI and functionality that permits the visiting of retail web sites. 
For example, integrated shopping logic 502 may include instructions that start web
browser 504 whenever the user invokes integrated shopping service 300. Web browser
504 may be a web-browsing module that is specially adapted to work with application
200. Alternatively, web browser 504 may be a general-purpose web browser such as 
the INTERNET EXPLORER browser, which can be invoked from within application 
200. When web browser 504 is embodied as a general purpose web browser,
application 200 may invoke web browser 504 in such a way that it appears to a user as
if it were included within application 200 - e.g., integrated shopping logic 502 may 
invoke web browser 504 inside the window of application 200. 

Integrated shopping logic 502 may also employ or provide a personal 
retail list 506. Personal retail list 506 includes the list of links that are to be displayed 
by web browser 504. For example, referring back to FIG. 3, in exemplary integrated 
shopping service 300 links 302-310 may be stored in personal retail list 506. Thus, in a 
preferred embodiment, application 200 implements an integrated shopping service by 
invoking web browser 504 and instructing it to display the links found in personal retail 
list 506. 

Integrated shopping logic 502 may include the capability to add (or 
delete) items from personal retail list 506. In the example of FIG. 5, integrated 
shopping logic 502 uses web browser 504 to access retail directory 400, and adds new 
retail sites from retail directory 400 to personal retail list 506. For example, retail 
directory 400 may be implemented on a remote computer (e.g., remote computer 180, 
shown in FIG. 1), which functions as a "retail directory server." Retail directory 400 
may take the form of an HTML file which is stored on remote computer 180, and 
which is dynamically updateable to reflect a current list of retail site choices. Thus, the 
HTML file and the remote computer 180 on which it is stored may be represented 
together as a uniform resource locator (URL). A user may access retail directory 400 by
clicking on a link (e.g., link 302 shown in FIG. 3), which navigates to the URL of the
retail directory 400. When a user accesses retail directory 400, web browser 504 
displays the retail directory HTML file as a web page (e.g., the web page shown in 
FIG. 4). When the user clicks an "add" button 410 for a particular retail web site listed 
in retail directory 400, logic stored in the web pages executes, thereby causing data 
representative of the selected retail web site to be downloaded from remote computer 
180 to the user's computer 110. Integrated shopping logic 502 then stores the 
downloaded data in personal retail list 506.

It should be observed that web browser 504 and personal retail list 506
are shown in FIG. 5 as being within application 200. However, this arrangement is 
merely exemplary, as web browser 504 and personal retail list 506 merely need to be 
accessible to integrated shopping logic 502, and do not necessarily need to be contained
within application 200. For example, web browser 504 may be a dynamic-link library
(.dll file) provided as part of the operating system that resides outside of the file(s) that 
store application 200. Alternatively - and particularly when web browser 504 is a 
general-purpose web browser - web browser 504 may be a set of files that is separate 
from the file(s) that store application 200 (e.g., web browser 504 may be the .exe file,
and related data files, that store the INTERNET EXPLORER browser). Likewise,
personal shopping list 506 could be stored within application 200, but could also be 
stored as one or more files separate from application 200. In a preferred embodiment, 
personal retail list 506 is stored under a set of registry keys in the WINDOWS registry 
of the device on which application 200 is installed. (Certain parts of the retail list may
be stored outside of the registry; for example, a bitmap for a logo, being several
kilobytes in size, may be stored in a separate file.) 

Exemplary Structure of a Retail Directory 

FIG. 6 shows an exemplary structure of retail directory 400. As noted
above, retail directory 400 comprises a list of retail sites that may be added to a user's
personal retail list. As also noted above, each retail site is represented by certain data.
FIG. 6 thus shows an exemplary data structure for retail directory 400, including the
various data fields that are used to represent each retail site.

Retail directory 400 lists various retail sites. Each retail site has an entry
602, 604. FIG. 6 shows only two entries, but it will be understood that the number of
entries shown is merely exemplary, as retail directory 400 may have any number of
entries; the actual number depends on the number of retail sites that are available to be
used with an integrated shopping service 300. In the example of FIG. 6, entries 602 and
604 correspond to retail web sites 402 and 404, respectively (shown in FIG. 4).

Each entry in retail directory 400 is represented by various data fields. In 
the example of FIG. 6, entry 602 includes a site ID 602a, a site name 602b, a site
description 602c, a site URL 602d, a site logo 602e, and site flags 602f. Other entries
include like data fields. The site ID 602a is a number that is assigned uniquely to each 
site that appears in the retail directory. The number may, in one example, be used by 
integrated shopping service 300 to sort the entries when they are displayed to the user. 
In this case, the particular site ID 602a assigned may be based on a business
relationship with the owner/operator of the web site - that is, the distributor of
application 200, and the owner/operator of the web site, may agree that the web site
will appear in a specified order on the list displayed by integrated shopping service 300,
in which case the site ID 602a may be used to fulfill that agreement when the sites are
sorted by their respective site IDs. The site name 602b is the commonly used name for
a particular web site. For example, the web site whose URL is
http://www.amazon.com is commonly known as "amazon.com," and thus the site name
field 602b contains "amazon.com." The site description 602c is a text string that
preferably describes the site. In the example, the site description of "amazon.com" is
"Microsoft Reader eBookstore." The site URL 602d is the actual URL at which the site
is located, and it may not be shown as part of the user interface. Site logo 602e is a
graphical image (e.g., a bitmap) that is associated with the retail site represented by 
entry 602. Typically, the graphical image is the logo associated with a retail site, 
although any image may be stored in field 602e. Site flags 602f include technical 
information about the retail site, for example, the file format of site logo 602e. It
should be understood that data fields 602a-602f are merely exemplary, and a web site
could be represented by any appropriate data without departing from the spirit and
scope of the invention.

The web page that a user's computer 110 downloads when viewing retail
directory 400 includes: (a) the information in each entry 602, 604 (or at least a subset 
of that information), in a format suitable for rendering by a web browser; and (b) 
executable instructions that cause the information in each entry to be downloaded to the 
user's computer 110 when the user clicks an "add" button 410 (shown in FIG. 4). It
should be noted that the data that is added to a user's personal retail list 506 when an 
"add" button 410 is clicked may in fact be an exact copy of the data in the selected 
entry 602, 604. 

It should be noted that retail directory 400 may be stored by any means 
and in any manner that supports the storage of data. As one non-limiting example, all
entries 602, 604 may be stored in a file. As a further example, the file that stores 
entries 602 and 604 may, in fact, be an HTML file that is downloaded to a user's 
machine for viewing as the retail directory web page. In this case, the retail directory 
page shown in FIG. 4 is merely the rendering of the HTML page. When retail 
directory 400 is represented as such an HTML page, some data may be stored in
non-printing fields. (E.g., the site ID 602a, site URL 602d, and site flags 602f may be
stored in non-printing fields or as part of the scripting code executed by the web page, 
since those items are not displayed when the retail directory page is rendered on a 
browser as shown in FIG. 4.) 


Exemplary Structure of a Personal Retail List 

FIG. 7 shows an exemplary structure of a personal retail list 506, which 
is stored on the computing device that runs the application 200 with which integrated 
shopping service 300 is associated. Personal retail list 506 includes a plurality of entries 
602, 622, 624, which correspond to the various web sites that a user can access from
within integrated shopping service 300. In order for a web site to be accessible from 
within integrated shopping service 300, an entry corresponding to that web site is 
included in personal retail list 506.

Entry 622 includes data fields for a site ID 622a, site name 622b, site
description 622c, site URL 622d, site logo 622e, and site flags 622f. Entries 624 and
602 include like fields. As can be seen from a comparison between FIGS. 6 and 7, the
format of the entries in personal retail list 506 corresponds to the format of the entries in
retail directory 400. It will be noted that, in the example of FIGS. 6 and 7, entry 602
appears in both personal retail list 506 and in retail directory 400. Preferably, entries in 
retail directory 400 and personal retail list 506 are in the same format. More 
preferably, entries are inserted into personal retail list 506 by copying them from retail 
directory 400, which occurs when a user selects a web site in retail directory 400 to be
included in his or her personal retail list 506 by clicking "add" button 410. The process
of migrating information from retail directory 400 to personal retail list 506 is 
described below in connection with FIG. 8. 

It will further be observed that the first listed entry 622 in FIG. 7 is an 
entry for the retail directory 400 itself. This example underscores two points: First, any
web site may be listed in personal retail list 506, regardless of whether it is a retail web
site or some other type of web site; integrated shopping service 300 is most useful when 
personal retail list 506 includes at least some retail web sites, but the architecture of 
integrated shopping service 300 permits any type of web site to be represented in 
personal retail list 506 (and rendered by web browser 504). Second, as discussed
above, retail directory 400 is implemented as an ordinary web site, and thus can be
visited like any other website. Moreover, by implementing retail directory 400 as an
ordinary web site, retail directory 400 can be designed with the breadth of functionality
available to web sites in general (i.e., retail directory 400 may have all the features
supported by HTML, and most importantly, it can be updated at any time, even after
the application has been installed by the user). This aspect of the invention supports the
extensibility of application-integrated retail directories, which is a significant advance. 

It will be appreciated that the data structure shown in FIG. 7 is merely 
exemplary, and personal retail list 506 may store any type of information (in any
format), so long as the information identifies those web sites that may be visited from
within integrated shopping service 300. Moreover, personal retail list 506 may be
stored in any manner (e.g., in a file, under a set of registry keys, inside a database,
etc.) without departing from the spirit and scope of the invention. Preferably, personal
retail list is at least partly stored under a set of registry keys that can only be modified
by the server that provides retail directory 400; this type of storage gives the entity that 
provides retail directory 400 control over the content of personal retail list 506 by 
deterring user modification. 



Process of Using Retail Directory 400 to Select Retail Web Sites

FIG. 8 shows an exemplary process by which a user accesses retail 
directory 400 and adds web sites to his or her personal retail list 506. At step 802, the 
user visits retail directory 400. This action may be performed by a user's opening an 
ordinary stand-alone browser (e.g., the MICROSOFT INTERNET EXPLORER
browser), and visiting the retail directory web site by entering a URL. Preferably, the
URL of the retail directory 400 web site is included in personal shopping list 506 (or is 
otherwise incorporated into application 200 that includes integrated shopping service 
300), so that the user may visit the retail directory web site using integrated shopping 
service 300. In one example, application 200 is delivered to the user with a personal
shopping list 506 that includes an entry for retail directory 400, so that the user will
initially be able to access retail directory 400 from integrated shopping service 300. 

At step 804, the retail directory page is rendered on the user's device. 
The rendering is performed either by a stand-alone browser (if the user uses a
stand-alone browser to visit the web page), or by web browser 504 (shown in FIG. 5), if
integrated shopping service 300 has been used to visit retail directory 400.

At step 806, the user selects web sites to add to personal retail list 506. 
As noted above in connection with FIG. 4, the user may make this selection by
"clicking" on an "add" button 410. In response to the user's selection, an entry for the
selected web site is inserted into the user's personal retail list 506 (step 808). As shown
in FIG. 8, the step of inserting this entry may be performed by copying an entry from 
retail directory 400 to personal list 506 (e.g., by copying the data over the Internet). 

After a user has selected a web site from retail directory 400 and the
appropriate entry has been inserted into personal retail list 506, the user may invoke the
integrated shopping feature 300 in order to visit those sites in personal retail list 506 
(including the sites that the user just added at steps 802-808). When integrated shopping 
service 300 is invoked, links to the web sites in the user's personal retail list 506 are 
rendered (step 810). (FIG. 3 shows an example of the integrated shopping service 300
rendering links to sites that are listed in personal retail list 506). In order to visit one of
the sites, the user clicks on the links (step 812), at which point the page for the selected 
site is opened (step 814). The user is then able to browse the selected site and shop for 
content (step 816). 

Example: Use of Integrated Shopping Service to Purchase eBooks

FIG. 9 shows an example in which the present invention is used to 
purchase electronic books (eBooks) from within an eBooks rendering software 
application. 

As shown in FIG. 9, a controlling party 902 adds third-party web sites to
retail directory 400. In this example, retail directory 400 is a "bookstore directory,"
which lists retail web sites that distribute eBooks. Controlling party 902 is the party that
controls the constituency of bookstore directory 400. For example, controlling party 
902 may be the manufacturer and/or distributor of the application 200 which uses 
integrated shopping service 300. As another example, controlling party 902 may be a 
different party that has been engaged to control which web sites may be listed in
bookstore directory 400. 

A user may navigate to bookstore directory 400 - e.g., by using a
stand-alone browser, or by using integrated shopping service 300 (which, as noted above,
may include a browser). The user views the bookstore directory 400 and chooses web
sites from bookstore directory 400 to add to his or her personal retail list 506 (shown in 
FIG. 5). In response to the user's selection, bookstore directory 400 transmits to the 
user's machine data (e.g., the "entries" shown in FIGS. 6 and 7) that correspond to the
user's chosen web sites. These choices are stored in personal retail list 506 and are
displayed on the user interface of integrated shopping service 300, which, in this 
example, is a "bookstore page." 

From bookstore page 300, the user navigates to a "third-party web site." 
The third-party web site is one of the sites displayed on the bookstore page. For
example, and referring for the moment back to FIG. 3, link 304 ("Barnes &
Noble.com") is an example of a third-party web site. As previously noted, integrated
shopping service 300 (which is bookstore page 300, in this example) includes or
employs a browser (or equivalent browsing functionality), which allows a user to
navigate to the third-party web sites from within the application of which integrated
shopping service/bookstore page 300 is a part. The user then uses the third-party web
sites to shop for content. In this example, the third-party web sites are electronic 
bookstores that provide eBooks. Thus, the user can purchase eBooks from the third- 
party web sites from within the eBook-reading application, and download such eBooks 
to his or her computing device. 

Once the eBooks are downloaded to the user's computing device, a list
of downloaded eBooks is displayed by the rendering application. For example, the
purchased eBooks may be displayed on a "library page," such as that shown in FIG. 2. 
The user may then use the eBook-reading application to open and render the eBooks. 

Authentication of Directory Entries

To enable an application manufacturer to control the set of retailer web 
sites that may be accessed from within a content-rendering application in accordance 
with this invention, a signature is added to the directory entry for each site. Before a
link to a web site is rendered on a user's computer in shopping service 300 (shown in 
FIG. 3), the signature is authenticated. If the signature for a particular web site cannot 
be authenticated, then no link to that web site is displayed. By signing retail directory 
entries and authenticating the signatures before rendering the entries on a user's 
computing device, the application can be trusted not to render web site links if the entry
cannot be authenticated, and therefore prevents unapproved web sites from being 
offered. 

The signature may be created by hashing data in the entry and signing
the hash with a private key, although any digital signature technique may be used. The
private key used to sign the hash (this key is embedded in the signing tool) is
preferably a secret maintained by the manufacturer of the content-rendering application.
It will be appreciated, however, that an entity other than the application manufacturer 
may be designated to control the addition of entries to the directory, in which case the 
private key may be maintained by such other entity. 

In a preferred embodiment, the signature is generated and added to a site
by the content rendering application manufacturer (or other authorized entity). FIG. 10
shows the structure of a retail directory 400a. It will be observed that retail directory 
400a is similar to retail directory 400 (shown in FIG. 6), except that each entry in retail 
directory 400a includes a signature. Retail directory 400a includes a plurality of retail
site entries 602, 604. Exemplary retail site entry 602 contains site identifier 602a, site
name 602b, site description 602c, site URL 602d, site logo 602e, and site flags 602f, as
previously discussed in connection with FIG. 6. Retail site entry 602 also contains a
signature 1002g. Retail site entries 604, etc., contain similar information. Signature
1002g is based on some or all of the data contained in items 602a-602f, and may be
created by any digital signature technique. Preferably, signature 1002g is based on items
602a-602d, but not on site logo 602e or site flags 602f. Site logo 602e is typically a
bitmap that represents logo 402, 404 (shown in FIG. 4), which is generally a relatively
large amount of data as compared with the other items in entry 602, 604. Since it is
costly in resources to sign large amounts of data, and since it is unlikely that a user
would tamper with the directory merely to change the icon associated with a site, the 
signature is preferably not based on site logo 602e. Similarly, it would seem unlikely 
that site flags 602f would be tampered with and hence site flags 602f preferably is not
signed.

It should be understood that data fields 602a-602f are merely exemplary, 
and a web site could be represented by any other appropriate data without departing 
from the spirit and scope of the invention. Retail directory 400a may be stored by any 
means and in any manner that supports the storage of data, as previously discussed. 

FIG. 11 shows an exemplary structure of a personal retail list 506a.
Personal retail list 506a is similar to personal retail list 506 whose structure is shown in
FIG. 7, except that the entries in personal retail list 506a include signatures. Personal 
retail list 506a is stored on the computing device that runs application 200, as discussed 
above in connection with personal retail list 506. Personal retail list 506a includes a
plurality of signed entries. It will be observed that the format of the entries in personal
retail list 506a is the same as that of the entries in directory 400a, and at least some of 
the entries in personal retail list 506a may, in fact, be copied from retail directory 400a 
(although it should be appreciated that personal retail list 506a may store information in 
any format, which need not be identical to that used in directory 400a). For example, in
FIG. 11 signed entry 602 is a copy of the signed entry 602 that appears in directory
400a. An exemplary entry 622 in personal retail list 506a includes data fields for site 
identifier 622a, site name 622b, site description 622c, site URL 622d, site logo 622e, 
site flags 622f, and signature 1122g, which are analogous to the similar fields 602a- 
602f and 1002g, shown in FIG. 10. Entries 604 and 622 include like fields. 

It will be appreciated that the data structure shown in FIG. 11 is merely
exemplary, and personal retail list 506a may store any type of signed information (in
any format), so long as the information identifies those web sites that may be visited
from within integrated shopping service 300. Moreover, personal retail list 506 may be
stored in any manner without departing from the spirit and scope of the invention. Like
personal retail list 506, the data in signed personal retail list is preferably stored under a 
set of registry keys that can only be modified by the server that provides retail directory 
400a. 


Process of Adding Signed Entries to Retail Directory 

FIG. 12 shows an exemplary process by which a signature is generated and
added to a retail directory by a signing authority. At step 1202 of FIG. 12, site data is
entered for a web site that is to be signed. The particular site data that is used at step
1202 is the site data that will form the basis for the signature. As noted above, this data
may not include all of the data in the site's entry in the directory; for example, the data 
that forms the basis for the signature may exclude the site logo and site flags. 

At step 1204 a signature-generating tool (e.g., the tool depicted in FIG.
14 below) is employed to generate a signature using a private key. Any digital
signature technique (e.g., the RSA algorithm, etc.) may be used to generate the
signature. Typically, the signature is generated cryptographically using a private key,
and the corresponding public key is distributed to or as part of applications that use the
signed data (e.g., content-rendering application 200 which includes integrated shopping
service 300) so that such applications may verify the signature, e.g., establish that the
site data matches the given signature. When the signature is generated with this method,
access to the private key is preferably restricted, since the ability to place an entry in 
the directory with a valid signature is a valuable asset. 

At step 1206, the generated signature is added to the site data. For
example, the signature may be included as item 1002g (shown in FIG. 10) in a
directory entry (such as directory entry 602, shown in FIG. 10). At this point, the
signing of a directory entry is complete. At step 1208, the signed site data is added to
retail directory 400a.

Process of Obtaining and Authenticating Signed Retail Entries

FIG. 13 shows a process for selecting and using signed retail site data in 
accordance with the invention. It will be observed that the process depicted in FIG. 13 
includes all of the steps shown in FIG. 8 (which are described above), but also adds an
authentication step 1302. Moreover, it will be observed that the directory from which
retail sites are obtained is directory 400a (containing signed data) rather than directory 
400. Before a link to a particular web site is rendered (at step 810), its representative 
data in personal retail list 506a is authenticated at step 1302 by verifying the signature 
associated with that data. 

If an entry in personal retail list 506a cannot be authenticated, no link to
the web site represented by such entry is displayed by the integrated shopping service.
Preventing the display of a non-authentic link provides a mechanism for enforcing the 
condition that the integrated shopping service support only approved web sites. 

Tool for Creating Authenticatable Directory Entries

Referring now to FIG. 14, a user interface is shown for a tool 1400 that 
signs entries for inclusion in the retail directory 400a, and whereby an application may 
verify the signature so that the entry may be used. The tool is used by a "signing
authority" (e.g., the manufacturer of the user application, or another entity that controls
the constituency of the shopping directory) in order to sign directory entries that have
been approved for placement in directory 400a. The interface for tool 1400 may include 
data entry fields for site ID 1404, site Name 1408, site URL 1412, and site Description 
1416. Interface 1400 may also include a "Generate" button 1424 and a "Verify" button 
1428. In order to generate a signature, displayed in field 1420, a site ID, site name,
site URL and site description are entered. When the signing authority clicks on the
"Generate" button 1424, a signature is generated. In an environment employing a
graphical user interface with typical copy-and-paste features, the signature may be
copied out of Signature field 1420 and pasted into an appropriate location - e.g., into
the directory file, at the signature field for the web site entry that is being signed. 

Preferably, the signature is generated by hashing the information in 
fields 1404, 1408, 1412, and 1416, and encrypting the hash with a private key. In a
preferred embodiment, the hash generated is 1024 bits in length to deter tampering and
is base-64 encoded, although other key lengths may be utilized and other encoding 
methods (or no encoding at all) may be used without departing from the spirit and scope 
of the invention. 

If a signature is to be verified, a site ID is entered at field 1404, a site
name is entered at field 1408, a site URL at field 1412, a site description at field 1416,
and a signature at field 1420. Activation of the "Verify" button 1428 causes the tool to
verify that the signature in field 1420 is correct. The signature is verified using the
public key that corresponds to the private key used to generate the signature. If the
signature proves to be authentic, then signing tool 1400 may display a message so
indicating. If the signature is not authentic, this fact may also be indicated by an
appropriate message. 

It should be appreciated that the user interface shown in FIG. 14 is an 
exemplary mode of using a signature generation/verification tool, and is optional. 
Typically, such a tool would be used by the entity that controls the makeup of the
directory in order to generate signatures (or possibly verify signatures on entries in
which tampering has been suspected). A user application that verifies signatures as a
prerequisite to displaying entries typically performs the signature verification internally 
in a manner that is transparent to the user and does not involve communication with the 
user. 
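
The signing flow of FIG. 12, the authenticate-before-render step 1302 of FIG. 13, and the hash-then-sign, base-64 output described for tool 1400 are shown together in the following Python example, which is added here and is not code from this application or from any product. The dictionary field names, the length-prefixed field encoding, SHA-256, PKCS#1 v1.5 padding and the in-process demo key are assumptions of the example; a deployment would use a vetted cryptographic library and keep the private key with the signing authority.

```python
import base64
import hashlib
import hmac
import math
import secrets

SIGNED_FIELDS = ("site_id", "name", "description", "url")  # items 602a-602d
# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5 signature encoding).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
RNG = secrets.SystemRandom()

def is_probable_prime(n, rounds=24):  # Miller-Rabin, for the demo key only
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        # Set the top two bits and the low bit: full-size, odd candidate.
        candidate = RNG.getrandbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_demo_keypair(bits=1024):
    """Return (public, private) = ((n, e), (n, d)); demo key, an assumption."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def canonical_bytes(entry):
    """Length-prefix every signed field so field boundaries cannot shift."""
    out = b""
    for field in SIGNED_FIELDS:
        value = str(entry[field]).encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return out

def encoded_message(entry, k):
    digest = SHA256_PREFIX + hashlib.sha256(canonical_bytes(entry)).digest()
    return b"\x00\x01" + b"\xff" * (k - len(digest) - 3) + b"\x00" + digest

def sign_entry(entry, private_key):
    """Signing authority (FIG. 12): copy of entry plus base-64 signature."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(encoded_message(entry, k), "big")
    signature = pow(m, d, n).to_bytes(k, "big")
    return dict(entry, signature=base64.b64encode(signature).decode("ascii"))

def verify_entry(entry, public_key):
    """Application (step 1302): True only for an intact, signed entry."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    try:
        signature = base64.b64decode(entry["signature"], validate=True)
        expected = encoded_message(entry, k)
    except (KeyError, TypeError, ValueError):
        return False
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    # Compare against the rebuilt encoding; never parse the recovered padding.
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def renderable_links(personal_list, public_key):
    """Step 810: only entries that authenticate are offered as links."""
    return [entry for entry in personal_list if verify_entry(entry, public_key)]

if __name__ == "__main__":
    public, private = generate_demo_keypair()
    good = sign_entry({"site_id": 2, "name": "amazon.com",  # constructed sample
                       "description": "Microsoft Reader eBookstore",
                       "url": "http://www.amazon.com", "logo": b"BM"}, private)
    bad = dict(good, url="http://unapproved.example/")
    print([e["url"] for e in renderable_links([good, bad], public)])
```

Because the logo and flags are outside the signed fields, an entry whose logo or flags have been changed still authenticates, which is the trade-off the text accepts when it leaves 602e and 602f out of the signature.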

It is noted that the foregoing examples have been provided merely for the
purpose of explanation and are in no way to be construed as limiting of the present
invention. While the invention has been described with reference to various
embodiments, it is understood that the words which have been used herein are words of
description and illustration, rather than words of limitations. Further, although the
invention has been described herein with reference to particular means, materials and 
embodiments, the invention is not intended to be limited to the particulars disclosed 
herein; rather, the invention extends to all functionally equivalent structures, methods 
and uses, such as are within the scope of the appended claims. Those skilled in the art, 
having the benefit of the teachings of this specification, may effect numerous 
modifications thereto and changes may be made without departing from the scope and 
spirit of the invention in its aspects. 



